Ukraine Remediates Electricity Provider After a Failed Russian Cyber Attack
Ukraine and the West have repeatedly warned of Russian attacks on power generation and distribution. Those fears became reality when the Russian-backed group Sandworm launched an attack on one of Ukraine's largest power providers.
The assault aimed to cut power by disconnecting the provider from its substations. The attackers deployed a version of the Industroyer ICS malware customized to target high-voltage electrical substations.
The campaign failed, however, and had no notable effect on the target. It was later learned that the attackers tried to cover their tracks by executing CaddyWiper and other data-wiping malware.
Ukraine Remediates the Affected Network
The Ukrainian Computer Emergency Response Team (CERT-UA) has partnered with ESET to remediate the incident. Measures have been put in place to restore the affected network and protect it against further attacks.
The initial point of compromise has not yet been identified: neither team has determined how Sandworm gained access to the network or how the attackers moved from the IT network into the ICS environment.
This is the second known use of Industroyer malware. The first was in December 2016, when a successful attack on the electricity sector caused a power outage in Ukraine.
Sandworm was responsible for that attack as well. This time, however, the group used an upgraded variant built from the original source code and dubbed Industroyer2.
The full capabilities of the new variant have not yet been confirmed. ESET reported that it uses the IEC-104 protocol (IEC 60870-5-104, the TCP/IP-based protocol commonly used between control centres and substation equipment) to communicate with industrial devices.
The report also states that Industroyer2 is more configurable than the original strain: its settings, including the target Information Object Addresses (IOAs), timeouts, and Application Service Data Unit (ASDU) parameters, are stored as a hardcoded string that is passed to the IEC-104 communication routine. Industroyer2 can also communicate with up to eight devices simultaneously.
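To make the IEC-104 terms above concrete, the following is an added example written for this article; it is not code from ESET's report, from CERT-UA, or from the malware itself. It parses IEC 60870-5-104 APDUs from a raw TCP byte stream, extracts the ASDU type, cause of transmission, common address and IOAs, and applies a simple detection rule: an alert when activation commands (single/double/regulating commands, type IDs 45-47) are sent to many distinct IOAs over one connection. The type identifiers and frame layout are standard IEC 60870-5-104; the choice of those command types and the burst threshold as a detection heuristic is this example's assumption, not something the article states about Industroyer2. The sample frames are constructed inline, not captured traffic.

```python
"""Minimal IEC 60870-5-104 APDU parser with a command-burst detection rule (added example)."""
from dataclasses import dataclass
from typing import Dict, Iterator, List, Optional

START = 0x68

# ASDU type identifiers (IEC 60870-5-101/104). Only control commands and general
# interrogation are decoded element-by-element; other types keep just the first IOA.
C_SC_NA_1 = 45   # single command: qualifier bit 0 is the state (0 = OFF, 1 = ON)
C_DC_NA_1 = 46   # double command: qualifier bits 0-1 are the state (1 = OFF, 2 = ON)
C_RC_NA_1 = 47   # regulating step command
C_IC_NA_1 = 100  # general interrogation (routine polling, not a switching action)
ELEMENT_SIZE = {C_SC_NA_1: 1, C_DC_NA_1: 1, C_RC_NA_1: 1, C_IC_NA_1: 1}
COMMAND_TYPES = {C_SC_NA_1, C_DC_NA_1, C_RC_NA_1}  # heuristic choice for this example
COT_ACTIVATION = 6


@dataclass
class Asdu:
    type_id: int
    cot: int
    common_address: int
    ioas: List[int]


@dataclass
class Apdu:
    fmt: str                     # "I" (data), "S" (supervisory) or "U" (control)
    asdu: Optional[Asdu] = None  # only I-format frames carry an ASDU


def parse_asdu(buf: bytes) -> Asdu:
    """Decode the 6-byte ASDU header and the IOAs of its information objects."""
    if len(buf) < 6:
        raise ValueError("ASDU shorter than its 6-byte header")
    type_id, vsq = buf[0], buf[1]
    sequence = bool(vsq & 0x80)  # SQ=1: one IOA, elements at consecutive addresses
    count = vsq & 0x7F
    cot = buf[2] & 0x3F          # low 6 bits of the cause-of-transmission byte
    common_address = int.from_bytes(buf[4:6], "little")
    pos, ioas = 6, []
    size = ELEMENT_SIZE.get(type_id)
    if size is None:
        ioas.append(int.from_bytes(buf[pos:pos + 3], "little"))  # first IOA is always present
        return Asdu(type_id, cot, common_address, ioas)
    if sequence:
        first = int.from_bytes(buf[pos:pos + 3], "little")
        ioas.extend(first + i for i in range(count))
    else:
        for _ in range(count):
            ioas.append(int.from_bytes(buf[pos:pos + 3], "little"))
            pos += 3 + size
    return Asdu(type_id, cot, common_address, ioas)


def parse_stream(data: bytes) -> Iterator[Apdu]:
    """Split a TCP byte stream into APDUs (start byte, length, 4 control bytes, ASDU)."""
    pos = 0
    while pos + 2 <= len(data):
        if data[pos] != START:
            raise ValueError(f"bad start byte 0x{data[pos]:02x} at offset {pos}")
        length = data[pos + 1]
        body = data[pos + 2:pos + 2 + length]
        if len(body) != length or length < 4:
            raise ValueError(f"truncated APDU at offset {pos}")
        ctrl = body[:4]
        if ctrl[0] & 0x01 == 0:
            yield Apdu("I", parse_asdu(body[4:]))
        elif ctrl[0] & 0x03 == 0x01:
            yield Apdu("S")
        else:
            yield Apdu("U")
        pos += 2 + length


def detect_command_burst(apdus: List[Apdu], threshold: int) -> Dict[str, object]:
    """Alert when activation commands target at least `threshold` distinct (CA, IOA) pairs."""
    targeted = set()
    for apdu in apdus:
        asdu = apdu.asdu
        if asdu and asdu.type_id in COMMAND_TYPES and asdu.cot == COT_ACTIVATION:
            targeted.update((asdu.common_address, ioa) for ioa in asdu.ioas)
    return {"distinct_ioas": len(targeted), "alert": len(targeted) >= threshold,
            "targets": sorted(targeted)}


# --- constructed sample traffic (not a real capture) ---------------------------------
def build_i_frame(send_seq: int, recv_seq: int, asdu: bytes) -> bytes:
    ctrl = bytes([(send_seq << 1) & 0xFF, (send_seq >> 7) & 0xFF,
                  (recv_seq << 1) & 0xFF, (recv_seq >> 7) & 0xFF])
    return bytes([START, 4 + len(asdu)]) + ctrl + asdu


def build_command_asdu(type_id: int, ca: int, ioa: int, qualifier: int) -> bytes:
    """One information object, COT=activation, originator address 0."""
    return (bytes([type_id, 0x01, COT_ACTIVATION, 0x00]) + ca.to_bytes(2, "little")
            + ioa.to_bytes(3, "little") + bytes([qualifier]))


STARTDT_ACT = bytes([START, 0x04, 0x07, 0x00, 0x00, 0x00])  # U-format connection start
SAMPLE_STREAM = (
    STARTDT_ACT
    + build_i_frame(0, 0, build_command_asdu(C_IC_NA_1, 1, 0, 0x14))    # station interrogation
    + build_i_frame(1, 0, build_command_asdu(C_SC_NA_1, 1, 1101, 0x00))  # single command OFF
    + build_i_frame(2, 0, build_command_asdu(C_SC_NA_1, 1, 1102, 0x00))
    + build_i_frame(3, 0, build_command_asdu(C_SC_NA_1, 1, 1103, 0x00))
    + build_i_frame(4, 0, build_command_asdu(C_DC_NA_1, 1, 2001, 0x01))  # double command OFF
)

if __name__ == "__main__":
    print(detect_command_burst(list(parse_stream(SAMPLE_STREAM)), threshold=3))
```

The threshold is a tuning knob: legitimate SCADA masters also issue commands, but a single peer opening a session and switching several IOAs on different common addresses within seconds is the pattern worth baselining against normal control-centre traffic. In practice the same parser would be fed from a network tap on TCP port 2404 rather than from the constructed stream used here.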